WO2023115850A1 - Consortium blockchain consensus identity authentication method - Google Patents

Consortium blockchain consensus identity authentication method Download PDF

Info

Publication number
WO2023115850A1
WO2023115850A1 PCT/CN2022/099577 CN2022099577W WO2023115850A1 WO 2023115850 A1 WO2023115850 A1 WO 2023115850A1 CN 2022099577 W CN2022099577 W CN 2022099577W WO 2023115850 A1 WO2023115850 A1 WO 2023115850A1
Authority
WO
WIPO (PCT)
Prior art keywords
signature
node
verification
private key
public
Prior art date
Application number
PCT/CN2022/099577
Other languages
French (fr)
Chinese (zh)
Inventor
管桂林
谢真强
程序
田懿
曹扬
李响
韩国权
黄海峰
Original Assignee
中电科大数据研究院有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中电科大数据研究院有限公司 filed Critical 中电科大数据研究院有限公司
Publication of WO2023115850A1 publication Critical patent/WO2023115850A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Definitions

  • the invention relates to a consortium chain consensus identity authentication method, which belongs to the technical field of block chains, and specifically relates to a consortium chain consensus authentication method applicable to the development and utilization of public data resources.
  • the blockchain realizes on-chain certificate storage, anti-counterfeiting traceability, data supervision and other services, and can be divided into public chains, alliance chains and private chains.
  • the alliance chain is jointly maintained by institutional members, providing member management, authentication, authorization, monitoring, and auditing and other functions, its openness is generally between the public chain and the private chain.
  • multiple organizations jointly manage a blockchain. Nodes wanting to join the alliance chain must be approved by the organization.
  • the data on the chain is only the nodes in the alliance chain. have the right to read and write.
  • the alliance chain has the advantages of faster speed, lower cost, partial decentralization, strong controllability, and data will not be disclosed by default, it is widely used in government agencies, finance, manufacturing, logistics, medical care, insurance and other application scenarios Provide full-process data traceability, on-chain storage, and trusted data sharing services.
  • the present invention provides a consortium chain consensus identity authentication method, the consortium chain consensus identity authentication method.
  • the present invention is achieved through the following technical solutions.
  • a consortium chain consensus identity authentication method provided by the present invention comprises the following steps:
  • the supervisory node runs the initialization algorithm to generate the public parameter PK, and at the same time generates digital identity information according to the unique identity information of the alliance member, and uploads the public parameter PK and digital identity information to the blockchain, and then generate the corresponding identity private key for each node's alliance members through the key generation algorithm;
  • the leader node packs and verifies a batch of transactions to form a block, signs the block with its own private key, and sends it to the follower node;
  • the follower node After the follower node receives the signature, it verifies the signature through the digital identity public key of the leader node. If it passes the verification, it verifies the transaction data in the block, and uses its own private key to vote and sign and broadcast it to the follower node. Each child follower node; if the verification is not passed, the verification fails and returns to step 2;
  • the identity signature includes an initialization module, a key generation module, a signature module and a signature verification module.
  • the initialization module process includes the following steps:
  • the public parameter PK required for data transmission is generated by the supervisory node in the alliance chain, and the public parameter PK is uploaded to the blockchain;
  • Z q is a finite field of order q
  • the public parameters PK ⁇ q, e, G 1 ,G 2 ,H 1 ,H 2 ,g ⁇ .
  • the key generation module process includes the following steps:
  • the supervisory node obtains the public parameter PK on the chain, and then generates its own private key by running the key generation algorithm according to the identity information of each node's alliance member, inputs the user's unique identity information ID, public parameter PK, and outputs the user's private key S ID and digital identity P ID , upload the digital identity information (ID, P ID ) to the blockchain, and send the private key S ID to the user through a secure channel;
  • Q ID is the hash value of the identity information
  • x is the hash value of the supervisory node's private key s and Q ID .
  • the signature module process includes the following steps:
  • the signing node obtains the public parameter PK through the chain, then runs the signature algorithm, inputs the signature private key S ID , the public parameter PK, and the information M to be signed, and outputs the signature ⁇ ;
  • the signature verification module process includes the following steps:
  • the verification node obtains the public parameter PK and digital identity information through the chain, runs the verification signature algorithm, inputs the signature ⁇ , public parameter PK and digital identity information, and outputs true if the signature verification is correct, otherwise false;
  • the verification node obtains the public key of the sending node and the public parameter PK from the chain, calculates H 1 (M), and passes the verification equation Whether it is established to determine whether the signature is correct;
  • the beneficial effects of the present invention are: it can ensure that the data transmission process is not tampered with, and can identify the identity information of the signer; when applied to the development and utilization of public data resources, combined with the technology based on identity signature, it not only realizes efficient security access control At the same time, it also expands the usage scenarios of the alliance chain, which can effectively solve the problem of quickly and safely realizing identity authentication between consensus nodes under the background of the alliance chain.
  • Fig. 1 is the flowchart of identity signature of the present invention
  • Fig. 2 is a flow chart of the present invention.
  • a consortium chain consensus identity authentication method includes the following steps:
  • the supervisory node runs the initialization algorithm to generate the public parameter PK, and at the same time generates digital identity information according to the unique identity information of the alliance member, and uploads the public parameter PK and digital identity information to the blockchain, and then generate the corresponding identity private key for each node's alliance members through the key generation algorithm;
  • the leader node packs and verifies a batch of transactions to form a block, signs the block with its own private key, and sends it to the follower node;
  • the follower node After the follower node receives the signature, it verifies the signature through the digital identity public key of the leader node. If it passes the verification, it verifies the transaction data in the block, and uses its own private key to vote and sign and broadcast it to the follower node. Each child follower node; if the verification is not passed, the verification fails and returns to step 2;
  • the identity signature includes an initialization module, a key generation module, a signature module, and a signature verification module, as shown in FIG. 1 .
  • the initialization module process includes the following steps:
  • the public parameter PK required for data transmission is generated by the supervisory node in the alliance chain, and the public parameter PK is uploaded to the blockchain;
  • Z q is a finite field of order q
  • the public parameters PK ⁇ q, e, G 1 ,G 2 ,H 1 ,H 2 ,g ⁇ .
  • the key generation module process includes the following steps:
  • the supervisory node obtains the public parameter PK on the chain, and then generates its own private key by running the key generation algorithm according to the identity information of each node's alliance member, inputs the user's unique identity information ID, public parameter PK, and outputs the user's private key S ID and digital identity P ID , upload the digital identity information (ID, P ID ) to the blockchain, and send the private key S ID to the user through a secure channel;
  • Q ID is the hash value of the identity information ID
  • x is the hash value of the supervisory node's private key s and Q ID .
  • the signature module process includes the following steps:
  • the signing node obtains the public parameter PK through the chain, then runs the signature algorithm, inputs the signature private key S ID , the public parameter PK, and the information M to be signed, and outputs the signature ⁇ ;
  • the signature verification module process includes the following steps:
  • the verification node obtains the public parameter PK and digital identity information through the chain, runs the verification signature algorithm, inputs the signature, public parameter PK and digital identity information, and outputs true if the signature verification is correct, otherwise false;
  • the verification node obtains the public key of the sending node and the public parameter PK from the chain, calculates H 1 (M), and passes the verification equation Whether it is established to determine whether the signature is correct;

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a consortium blockchain consensus identity authentication method. A user joins a consortium blockchain by means of an access mechanism of the consortium blockchain to become a consortium member. A supervision node operates an initialization algorithm to generate a public parameter PK, generates digital identity information according to unique identifier information of the consortium member, uploads the public parameter PK and the digital identity information to the blockchain, and then generates a corresponding identity private key for the consortium member of each node by means of a key generation algorithm. The beneficial effects of the present invention are that: a data transmission process can be ensured not to be tampered, and identity information of the signer can be identified; the present invention is applied to public data resource development and utilization scenarios; and the combination with an identity signature-based technology not only realizes efficient and safe access control but also expands use scenarios of a consortium blockchain, thereby solving the problem of quickly and safely achieving identity authentication between consensus nodes in the context of a consortium blockchain.

Description

一种联盟链共识身份认证方法A Consortium Chain Consensus Identity Authentication Method 技术领域technical field
本发明涉及一种联盟链共识身份认证方法,属于区块链技术领域,具体涉及一种适用于公共数据资源开发利用场景下的联盟链共识认证方法。The invention relates to a consortium chain consensus identity authentication method, which belongs to the technical field of block chains, and specifically relates to a consortium chain consensus authentication method applicable to the development and utilization of public data resources.
背景技术Background technique
开展公共数据资源开发利用建设,不仅可以促进城市数字经济发展、保障社会民生,而且对提升政府管理理念、实现政府治理能力现代化具有重要作用。然而,目前在推动公共数据市场化增值开发过程中,存在数据资源共享效率低、个人数据隐私难以保障、数据使用过程难以监管等问题,同时在提升数据资源在经济发展、社会治理等领域的支撑决策能力方面较弱,难以支撑公共数据向社会侧的价值充分释放。Carrying out the development and utilization of public data resources can not only promote the development of the urban digital economy and protect the people's livelihood, but also play an important role in improving government management concepts and realizing the modernization of government governance capabilities. However, in the process of promoting the market-based value-added development of public data, there are problems such as low data resource sharing efficiency, difficulty in ensuring personal data privacy, and difficulty in monitoring the data use process. At the same time, it is improving the support of data resources in the fields of economic development and social governance. The decision-making ability is weak, and it is difficult to support the full release of the value of public data to the social side.
区块链实现了链上存证、防伪溯源、数据监管等服务,可分为公有链、联盟链和私有链,其中联盟链由机构成员共同维护,提供成员管理、认证、授权、监控、审计等功能,其开放程度一般介于公有链和私有链之间,通常由多个组织共同管理一个区块链,节点想要加入联盟链必须由组织同意,链上的数据只有联盟链中的节点才有权读写。由于联盟链具备速度更快、成本更低、部分去中心化、可控性强、数据不会默认公开等优势,被广泛运用于政府机构、金融、制造、物流、医疗、保险等应用场景中提供数据的全流程数据溯源、上链存证、数据可信共享服务。The blockchain realizes on-chain certificate storage, anti-counterfeiting traceability, data supervision and other services, and can be divided into public chains, alliance chains and private chains. The alliance chain is jointly maintained by institutional members, providing member management, authentication, authorization, monitoring, and auditing and other functions, its openness is generally between the public chain and the private chain. Usually, multiple organizations jointly manage a blockchain. Nodes wanting to join the alliance chain must be approved by the organization. The data on the chain is only the nodes in the alliance chain. have the right to read and write. Because the alliance chain has the advantages of faster speed, lower cost, partial decentralization, strong controllability, and data will not be disclosed by default, it is widely used in government agencies, finance, manufacturing, logistics, medical care, insurance and other application scenarios Provide full-process data traceability, on-chain storage, and trusted data sharing services.
然而,现有联盟链成员间共识认证机制大多采用的是基于PKI体制的公钥签名算法,当联盟节点对数据进行签名时,均需在第三方证书管理机构(CA)请求公钥证书,随着联盟节点越来越大时,将造成CA需维护大量的公钥证书的问题。基于身份密码体制作为一种公钥密码技术,改变了传统公钥产生方式,将用户唯一标识身份的信息如身份证号、电子邮件、电话号码等当作公钥,无需向CA申请公钥数字证书,有效避免了传统公钥密码体制中证书生成、验证、存储和吊销等问题,减轻了用户对公钥证书的依赖。However, most of the existing consensus authentication mechanisms among members of the alliance chain use the public key signature algorithm based on the PKI system. As the alliance nodes become larger and larger, it will cause the problem that CA needs to maintain a large number of public key certificates. As a public key cryptography technology, identity-based cryptography has changed the traditional way of generating public keys, and uses information that uniquely identifies users, such as ID numbers, emails, phone numbers, etc., as public keys, without the need to apply for public key numbers from CA Certificates effectively avoid the problems of certificate generation, verification, storage and revocation in traditional public key cryptosystems, and reduce users' dependence on public key certificates.
综上所述,基于身份密码体制,如何在公共数据资源开发利用场景下设计一个联盟链共识安全身份认证方法,保障联盟共识节点之间的通信能够在区块链底层网络的支撑下得到高效访问控制是成为一个亟待解决的问题。To sum up, based on the identity encryption system, how to design an alliance chain consensus security identity authentication method in the development and utilization of public data resources to ensure that the communication between alliance consensus nodes can be efficiently accessed under the support of the underlying network of the blockchain Control is becoming a burning problem.
技术问题technical problem
为解决上述技术问题,本发明提供了一种联盟链共识身份认证方法,该联盟链共识身份认证方法。In order to solve the above technical problems, the present invention provides a consortium chain consensus identity authentication method, the consortium chain consensus identity authentication method.
技术解决方案technical solution
本发明通过以下技术方案得以实现。The present invention is achieved through the following technical solutions.
本发明提供的一种联盟链共识身份认证方法,包括以下步骤:A consortium chain consensus identity authentication method provided by the present invention comprises the following steps:
①用户通过联盟链的准入机制加入其中成为一个联盟成员,监管节点运行初始化算法产生公开参数PK,同时根据联盟成员的唯一身份标识信息生成数字身份信息,并将公开参数PK与数字身份信息上传至区块链,然后通过密钥生成算法为每位节点的联盟成员生成相应身份私钥; ①A user joins through the access mechanism of the alliance chain and becomes an alliance member. The supervisory node runs the initialization algorithm to generate the public parameter PK, and at the same time generates digital identity information according to the unique identity information of the alliance member, and uploads the public parameter PK and digital identity information to the blockchain, and then generate the corresponding identity private key for each node's alliance members through the key generation algorithm;
②领导节点将一批交易进行打包验证,组成一个区块,运用自身私钥对区块进行身份签名,并发送给随从节点;②The leader node packs and verifies a batch of transactions to form a block, signs the block with its own private key, and sends it to the follower node;
③当随从节点收到签名后,通过领导节点的数字身份公钥进行验证签名,如果通过验证后,对区块中的交易数据进行验证,并用自身私钥进行投票签名并广播给随从节点中的各个子随从节点;如果没有通过验证,则验证失败,返回步骤②;③ After the follower node receives the signature, it verifies the signature through the digital identity public key of the leader node. If it passes the verification, it verifies the transaction data in the block, and uses its own private key to vote and sign and broadcast it to the follower node. Each child follower node; if the verification is not passed, the verification fails and returns to step ②;
④当其他子随从节点收到投票签名后,分别利用各自节点的公钥进行验证,并根据投票结果,将该区块进行存储。 ④ After receiving the voting signature, other sub-entry nodes use their respective public keys for verification, and store the block according to the voting results.
所述身份签名包括初始化模块、密钥生成模块、签名模块、验签模块。The identity signature includes an initialization module, a key generation module, a signature module and a signature verification module.
所述初始化模块流程包括以下步骤:The initialization module process includes the following steps:
①由联盟链中的监管节点生成传输数据需要的公开参数PK,并将公开参数PK上传至区块链;①The public parameter PK required for data transmission is generated by the supervisory node in the alliance chain, and the public parameter PK is uploaded to the blockchain;
②随机选择两个阶为素数q的群G1和G2,定义双线性映射e、哈希函数H 1和H 2②Randomly select two groups G1 and G2 whose order is a prime number q, and define bilinear map e and hash functions H 1 and H 2 :
e:G 1×G 2→G 2e: G 1 ×G 2 →G 2 ,
H 1:{0,1} n→G 1H 1 : {0,1} n → G 1 ;
H 2:G 1→Z q; H 2 :G 1 →Z q ;
③从有限域Z q中随机选取一个随机数s作为其私钥,再从群G 1中随机选取g作为其生成元,最后将公开参数PK上传至区块链; ③ Randomly select a random number s from the finite field Z q as its private key, then randomly select g from the group G 1 as its generator, and finally upload the public parameter PK to the blockchain;
其中:in:
Z q为q阶有限域,公开参数PK={q, e, G 1 ,G 2 ,H 1 ,H 2 ,g }。 Z q is a finite field of order q, and the public parameters PK={q, e, G 1 ,G 2 ,H 1 ,H 2 ,g }.
所述密钥生成模块流程包括以下步骤:The key generation module process includes the following steps:
①监管节点在链上获取公开参数PK,然后根据每位节点的联盟成员身份信息,通过运行密钥生成算法生成各自的私钥,输入用户唯一身份信息ID、公开参数PK,输出用户私钥S ID与数字身份P ID,并将数字身份信息(ID,P ID)上传至区块链,将私钥S ID通过安全信道发送给用户; ①The supervisory node obtains the public parameter PK on the chain, and then generates its own private key by running the key generation algorithm according to the identity information of each node's alliance member, inputs the user's unique identity information ID, public parameter PK, and outputs the user's private key S ID and digital identity P ID , upload the digital identity information (ID, P ID ) to the blockchain, and send the private key S ID to the user through a secure channel;
②根据节点联盟成员身份信息信息ID∈{0,1} n,计算Q ID=H 1(ID),x=H 1(sQ ID),然后计算节点私钥S ID=x+s,用户公钥P ID=g x+s,将私钥S ID通过安全信道发送给用户; ②According to the node alliance member identity information ID∈{0,1} n , calculate Q ID =H 1 (ID), x=H 1 (sQ ID ), and then calculate node private key S ID =x+s, user public key Key P ID =g x+s , send the private key S ID to the user through a secure channel;
其中,Q ID为身份信息的哈希值,x为监管节点的私钥s与Q ID的哈希值。 Among them, Q ID is the hash value of the identity information, and x is the hash value of the supervisory node's private key s and Q ID .
所述签名模块流程包括以下步骤:The signature module process includes the following steps:
①签名节点通过链上获取到公开参数PK,然后运行签名算法,输入签名私钥S ID、公开参数PK、待签名信息M,输出签名δ; ①The signing node obtains the public parameter PK through the chain, then runs the signature algorithm, inputs the signature private key S ID , the public parameter PK, and the information M to be signed, and outputs the signature δ;
②对于待签名信息M,计算H 1(M),随机选取随机数r∈Z q,利用私钥S ID计算第一签名
Figure 725766dest_path_image001
,第二签名
Figure 517004dest_path_image002
,输出签名
Figure 674447dest_path_image003
,并发送给验证节点。 ② For the message M to be signed, calculate H 1 (M), randomly select a random number r∈Z q , and use the private key S ID to calculate the first signature
Figure 725766dest_path_image001
, the second signature
Figure 517004dest_path_image002
, the output signature
Figure 674447dest_path_image003
, and sent to the verification node.
所述验签模块流程包括以下步骤:The signature verification module process includes the following steps:
①验证节点通过链上获取到公开参数PK与数字身份信息,运行验证签名算法,输入签名δ、公开参数PK与数字身份信息,如果签名验证正确,输出true,否则false;① The verification node obtains the public parameter PK and digital identity information through the chain, runs the verification signature algorithm, inputs the signature δ, public parameter PK and digital identity information, and outputs true if the signature verification is correct, otherwise false;
②验证节点从链上获取发送节点公钥和公开参数PK,计算H 1(M),通过验证等式
Figure 703583dest_path_image004
是否成立判断签名是否正确; ②The verification node obtains the public key of the sending node and the public parameter PK from the chain, calculates H 1 (M), and passes the verification equation
Figure 703583dest_path_image004
Whether it is established to determine whether the signature is correct;
验证等式的正确性验证如下:The correctness verification of the verification equation is as follows:
Figure 740809dest_path_image005
Figure 740809dest_path_image005
.
有益效果Beneficial effect
本发明的有益效果在于:能够保证数据传输过程不被篡改,并能识别签名者的身份信息;应用在公共数据资源开发利用场景上,结合基于身份签名的技术,不仅实现了高效的安全访问控制,同时还扩展了联盟链的使用场景,能够有效解决在联盟链背景下快速安全地实现共识节点间身份认证的问题。The beneficial effects of the present invention are: it can ensure that the data transmission process is not tampered with, and can identify the identity information of the signer; when applied to the development and utilization of public data resources, combined with the technology based on identity signature, it not only realizes efficient security access control At the same time, it also expands the usage scenarios of the alliance chain, which can effectively solve the problem of quickly and safely realizing identity authentication between consensus nodes under the background of the alliance chain.
附图说明Description of drawings
图1是本发明身份签名的流程图;Fig. 1 is the flowchart of identity signature of the present invention;
图2是本发明的流程图。Fig. 2 is a flow chart of the present invention.
本发明的实施方式Embodiments of the present invention
下面进一步描述本发明的技术方案,但要求保护的范围并不局限于所述。The technical solution of the present invention is further described below, but the scope of protection is not limited to the description.
如图2所示,一种联盟链共识身份认证方法,包括以下步骤:As shown in Figure 2, a consortium chain consensus identity authentication method includes the following steps:
①用户通过联盟链的准入机制加入其中成为一个联盟成员,监管节点运行初始化算法产生公开参数PK,同时根据联盟成员的唯一身份标识信息生成数字身份信息,并将公开参数PK与数字身份信息上传至区块链,然后通过密钥生成算法为每位节点的联盟成员生成相应身份私钥; ①A user joins through the access mechanism of the alliance chain and becomes an alliance member. The supervisory node runs the initialization algorithm to generate the public parameter PK, and at the same time generates digital identity information according to the unique identity information of the alliance member, and uploads the public parameter PK and digital identity information to the blockchain, and then generate the corresponding identity private key for each node's alliance members through the key generation algorithm;
②领导节点将一批交易进行打包验证,组成一个区块,运用自身私钥对区块进行身份签名,并发送给随从节点;②The leader node packs and verifies a batch of transactions to form a block, signs the block with its own private key, and sends it to the follower node;
③当随从节点收到签名后,通过领导节点的数字身份公钥进行验证签名,如果通过验证后,对区块中的交易数据进行验证,并用自身私钥进行投票签名并广播给随从节点中的各个子随从节点;如果没有通过验证,则验证失败,返回步骤②;③ After the follower node receives the signature, it verifies the signature through the digital identity public key of the leader node. If it passes the verification, it verifies the transaction data in the block, and uses its own private key to vote and sign and broadcast it to the follower node. Each child follower node; if the verification is not passed, the verification fails and returns to step ②;
④当其他子随从节点收到投票签名后,分别利用各自节点的公钥进行验证,并根据投票结果,将该区块进行存储。 ④ After receiving the voting signature, other sub-entry nodes use their respective public keys for verification, and store the block according to the voting results.
所述身份签名包括初始化模块、密钥生成模块、签名模块、验签模块,如图1所示。The identity signature includes an initialization module, a key generation module, a signature module, and a signature verification module, as shown in FIG. 1 .
所述初始化模块流程包括以下步骤:The initialization module process includes the following steps:
①由联盟链中的监管节点生成传输数据需要的公开参数PK,并将公开参数PK上传至区块链;①The public parameter PK required for data transmission is generated by the supervisory node in the alliance chain, and the public parameter PK is uploaded to the blockchain;
②随机选择两个阶为素数q的群G1和G2,定义双线性映射e、哈希函数H 1和H 2②Randomly select two groups G1 and G2 whose order is a prime number q, and define bilinear map e and hash functions H 1 and H 2 :
e:G 1×G 2→G 2e: G 1 ×G 2 →G 2 ,
H 1:{0,1} n→G 1H 1 : {0,1} n → G 1 ;
H 2:G 1→Z q h 2:G 1→ Z q ;
③从有限域Z q中随机选取一个随机数s作为其私钥,再从群G 1中随机选取g作为其生成元,最后将公开参数PK上传至区块链; ③ Randomly select a random number s from the finite field Z q as its private key, then randomly select g from the group G 1 as its generator, and finally upload the public parameter PK to the blockchain;
其中:in:
Z q为q阶有限域,公开参数PK={q, e, G 1 ,G 2 ,H 1 ,H 2 ,g }。 Z q is a finite field of order q, and the public parameters PK={q, e, G 1 ,G 2 ,H 1 ,H 2 ,g }.
所述密钥生成模块流程包括以下步骤:The key generation module process includes the following steps:
①监管节点在链上获取公开参数PK,然后根据每位节点的联盟成员身份信息,通过运行密钥生成算法生成各自的私钥,输入用户唯一身份信息ID、公开参数PK,输出用户私钥S ID与数字身份P ID,并将数字身份信息(ID,P ID)上传至区块链,将私钥S ID通过安全信道发送给用户; ①The supervisory node obtains the public parameter PK on the chain, and then generates its own private key by running the key generation algorithm according to the identity information of each node's alliance member, inputs the user's unique identity information ID, public parameter PK, and outputs the user's private key S ID and digital identity P ID , upload the digital identity information (ID, P ID ) to the blockchain, and send the private key S ID to the user through a secure channel;
②根据节点联盟成员身份信息ID∈{0,1} n,计算Q ID=H 1(ID),x=H 1(sQ ID),然后计算节点私钥S ID=x+s,用户公钥P ID=g x+s,将私钥S ID通过安全信道发送给用户; ②According to the node alliance member identity information ID∈{0,1} n , calculate Q ID = H 1 (ID), x = H 1 (sQ ID ), and then calculate node private key S ID = x+s, user public key P ID =g x+s , send the private key S ID to the user through a secure channel;
其中,Q ID为身份信息ID的哈希值,x为监管节点的私钥s与Q ID的哈希值。 Among them, Q ID is the hash value of the identity information ID, and x is the hash value of the supervisory node's private key s and Q ID .
所述签名模块流程包括以下步骤:The signature module process includes the following steps:
①签名节点通过链上获取到公开参数PK,然后运行签名算法,输入签名私钥S ID、公开参数PK、待签名信息M,输出签名δ; ①The signing node obtains the public parameter PK through the chain, then runs the signature algorithm, inputs the signature private key S ID , the public parameter PK, and the information M to be signed, and outputs the signature δ;
②对于待签名信息M,计算H 1(M),随机选取随机数r∈Z q,利用私钥S ID计算第一签名
Figure 238918dest_path_image001
,第二签名
Figure 652582dest_path_image002
,输出签名
Figure 536224dest_path_image003
,并发送给验证节点。 ② For the message M to be signed, calculate H 1 (M), randomly select a random number r∈Z q , and use the private key S ID to calculate the first signature
Figure 238918dest_path_image001
, the second signature
Figure 652582dest_path_image002
, the output signature
Figure 536224dest_path_image003
, and sent to the verification node.
所述验签模块流程包括以下步骤:The signature verification module process includes the following steps:
①验证节点通过链上获取到公开参数PK与数字身份信息,运行验证签名算法,输入签名、公开参数PK与数字身份信息,如果签名验证正确,输出true,否则false;① The verification node obtains the public parameter PK and digital identity information through the chain, runs the verification signature algorithm, inputs the signature, public parameter PK and digital identity information, and outputs true if the signature verification is correct, otherwise false;
②验证节点从链上获取发送节点公钥和公开参数PK,计算H 1(M),通过验证等式
Figure 9931dest_path_image004
是否成立判断签名是否正确; ②The verification node obtains the public key of the sending node and the public parameter PK from the chain, calculates H 1 (M), and passes the verification equation
Figure 9931dest_path_image004
Whether it is established to determine whether the signature is correct;
验证等式的正确性验证如下:The correctness verification of the verification equation is as follows:
Figure 182286dest_path_image006
Figure 182286dest_path_image006
.
综上所述,与现有技术相比,本发明的有益成果是:In summary, compared with the prior art, the beneficial results of the present invention are:
一、结合了区块链技术与基于身份签名体制,实现用户身份与公钥进行绑定,避免了现有公钥基础设施体制存在的公钥证书管理困难、成本高、效率低的问题;1. Combining the blockchain technology and the identity-based signature system to realize the binding of user identity and public key, avoiding the problems of difficult management, high cost and low efficiency of public key certificates existing in the existing public key infrastructure system;
二、结合区块链背景打造了数字身份,能为联盟成员建立可信的链上身份,同时为身份认证提供强有力的技术支撑;2. Combined with the background of the blockchain, digital identities are created, which can establish credible identities on the chain for alliance members and provide strong technical support for identity authentication;
三、通用性强、安全性高,能够有效解决在联盟链背景下快速安全地实现共识节点间身份认证的问题。3. Strong versatility and high security, which can effectively solve the problem of quickly and safely realizing identity authentication between consensus nodes in the context of alliance chains.

Claims (1)

  1. 一种联盟链共识身份认证方法,其特征在于:包括以下步骤:A consortium chain consensus identity authentication method, characterized in that: comprising the following steps:
    ①用户通过联盟链的准入机制加入其中成为一个联盟成员,监管节点运行初始化算法产生公开参数PK,同时根据联盟成员的唯一身份标识信息生成数字身份信息,并将公开参数PK与数字身份信息上传至区块链,然后通过密钥生成算法为每位节点的联盟成员生成相应身份私钥; ①A user joins through the access mechanism of the alliance chain and becomes an alliance member. The supervisory node runs the initialization algorithm to generate the public parameter PK, and at the same time generates digital identity information according to the unique identity information of the alliance member, and uploads the public parameter PK and digital identity information to the blockchain, and then generate the corresponding identity private key for each node's alliance members through the key generation algorithm;
    ②领导节点将一批交易进行打包验证,组成一个区块,运用自身私钥对区块进行身份签名,并发送给随从节点;②The leader node packs and verifies a batch of transactions to form a block, signs the block with its own private key, and sends it to the follower node;
    ③当随从节点收到签名后,通过领导节点的数字身份公钥进行验证签名,如果通过验证后,对区块中的交易数据进行验证,并用自身私钥进行投票签名并广播给随从节点中的各个子随从节点;如果没有通过验证,则验证失败,返回步骤②;③ After the follower node receives the signature, it verifies the signature through the digital identity public key of the leader node. If it passes the verification, it verifies the transaction data in the block, and uses its own private key to vote and sign and broadcast it to the follower node. Each child follower node; if the verification is not passed, the verification fails and returns to step ②;
    ④当其他子随从节点收到投票签名后,分别利用各自节点的公钥进行验证,并根据投票结果,将该区块进行存储。 ④ After receiving the voting signature, other sub-entry nodes use their respective public keys for verification, and store the block according to the voting results.
    2、如权利要求1所述的联盟链共识身份认证方法,其特征在于:所述身份签名包括初始化模块、密钥生成模块、签名模块、验签模块。2. The alliance chain consensus identity authentication method according to claim 1, wherein the identity signature includes an initialization module, a key generation module, a signature module, and a signature verification module.
    3、如权利要求2所述的联盟链共识身份认证方法,其特征在于:所述初始化模块流程包括以下步骤:3. The alliance chain consensus identity authentication method according to claim 2, characterized in that: the initialization module process includes the following steps:
    ①由联盟链中的监管节点生成传输数据需要的公开参数PK,并将公开参数PK上传至区块链;①The public parameter PK required for data transmission is generated by the supervisory node in the alliance chain, and the public parameter PK is uploaded to the blockchain;
    ②随机选择两个阶为素数q的群G1和G2,定义双线性映射e、哈希函数H 1和H 2②Randomly select two groups G1 and G2 whose order is a prime number q, and define bilinear map e and hash functions H 1 and H 2 :
    e:G 1×G 2→G 2e: G 1 ×G 2 →G 2 ,
    H 1:{0,1} n→G 1H 1 : {0,1} n → G 1 ;
    H 2:G 1→Z qH 2 :G 1 →Z q ;
    ③从有限域Z q中随机选取一个随机数 s作为其私钥,再从群G 1中随机选取g作为其生成元,最后将公开参数PK上传至区块链; ③ Randomly select a random number s from the finite field Z q as its private key, then randomly select g from the group G 1 as its generator, and finally upload the public parameter PK to the blockchain;
    其中:in:
    Z q为q阶有限域,公开参数PK={q, e, G 1 ,G 2 ,H 1 ,H 2 ,g }。 Z q is a finite field of order q, and the public parameters PK={q, e, G 1 ,G 2 ,H 1 ,H 2 ,g }.
    4、如权利要求2所述的联盟链共识身份认证方法,其特征在于:所述密钥生成模块流程包括以下步骤:  4. The alliance chain consensus identity authentication method according to claim 2, characterized in that: the key generation module process includes the following steps: the
    ①监管节点在链上获取公开参数PK,然后根据每位节点的联盟成员身份信息,通过运行密钥生成算法生成各自的私钥,输入用户唯一身份信息ID、公开参数PK,输出用户私钥S ID与数字身份P ID,并将数字身份信息(ID,P ID)上传至区块链,将私钥S ID通过安全信道发送给用户; ①The supervisory node obtains the public parameter PK on the chain, and then generates its own private key by running the key generation algorithm according to the identity information of each node's alliance member, inputs the user's unique identity information ID, public parameter PK, and outputs the user's private key S ID and digital identity P ID , upload the digital identity information (ID, P ID ) to the blockchain, and send the private key S ID to the user through a secure channel;
    ②根据节点联盟成员身份信息ID∈{0,1} n,计算Q ID=H 1(ID),x=H 1(sQ ID),然后计算节点私钥S ID=x+s,用户公钥P ID=g x+s,将私钥S ID通过安全信道发送给用户; ②According to the node alliance member identity information ID∈{0,1} n , calculate Q ID = H 1 (ID), x = H 1 (sQ ID ), and then calculate node private key S ID = x+s, user public key P ID =g x+s , send the private key S ID to the user through a secure channel;
    其中,Q ID为身份信息的哈希值,x为监管节点的私钥s与Q ID的哈希值。 Among them, Q ID is the hash value of the identity information, and x is the hash value of the supervisory node's private key s and Q ID .
    5、如权利要求2所述的联盟链共识身份认证方法,其特征在于:所述签名模块流程包括以下步骤:5. The alliance chain consensus identity authentication method according to claim 2, characterized in that: the signature module process includes the following steps:
    ①签名节点通过链上获取到公开参数PK,然后运行签名算法,输入签名私钥S ID、公开参数PK、待签名信息M,输出签名δ; ①The signing node obtains the public parameter PK through the chain, then runs the signature algorithm, inputs the signature private key S ID , the public parameter PK, and the information M to be signed, and outputs the signature δ;
    ②对于待签名信息M,计算H 1(M),随机选取随机数r∈Z q,利用私钥S ID计算第一签名
    Figure 23438dest_path_image001
    ,第二签名
    Figure 647318dest_path_image002
    ,输出签名
    Figure 385467dest_path_image003
    ,并发送给验证节点。     ② For the message M to be signed, calculate H 1 (M), randomly select a random number r∈Z q , and use the private key S ID to calculate the first signature
    Figure 23438dest_path_image001
    , the second signature
    Figure 647318dest_path_image002
    , the output signature
    Figure 385467dest_path_image003
    , and sent to the verification node.
    6、如权利要求2所述的联盟链共识身份认证方法,其特征在于:所述验签模块流程包括以下步骤:6. The alliance chain consensus identity authentication method according to claim 2, characterized in that: the signature verification module process includes the following steps:
    ①验证节点通过链上获取到公开参数PK与数字身份信息,运行验证签名算法,输入签名δ、公开参数PK与数字身份信息,如果签名验证正确,输出true,否则false;① The verification node obtains the public parameter PK and digital identity information through the chain, runs the verification signature algorithm, inputs the signature δ, public parameter PK and digital identity information, and outputs true if the signature verification is correct, otherwise false;
    ②验证节点从链上获取发送节点公钥和公开参数PK,计算H 1(M),通过验证等式
    Figure 826812dest_path_image005
    是否成立判断签名是否正确;     ②The verification node obtains the public key of the sending node and the public parameter PK from the chain, calculates H 1 (M), and passes the verification equation
    Figure 826812dest_path_image005
    Whether it is established to determine whether the signature is correct;
    7、如权利要求6所述的联盟链共识身份认证方法,其特征在于:验证等式的正确性验证如下:7. The alliance chain consensus identity authentication method according to claim 6, characterized in that: the correctness verification of the verification equation is as follows:
    Figure 17622dest_path_image006
    Figure 17622dest_path_image006
    .
PCT/CN2022/099577 2021-12-23 2022-06-17 Consortium blockchain consensus identity authentication method WO2023115850A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111592121.6A CN114499952B (en) 2021-12-23 2021-12-23 Alliance chain consensus identity authentication method
CN202111592121.6 2021-12-23

Publications (1)

Publication Number Publication Date
WO2023115850A1 true WO2023115850A1 (en) 2023-06-29

Family

ID=81493384

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/099577 WO2023115850A1 (en) 2021-12-23 2022-06-17 Consortium blockchain consensus identity authentication method

Country Status (2)

Country Link
CN (1) CN114499952B (en)
WO (1) WO2023115850A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116938452A (en) * 2023-09-15 2023-10-24 天津太极风控网络科技有限公司 Cloud audit method for encrypted backup account set
CN117034356A (en) * 2023-10-09 2023-11-10 成都乐超人科技有限公司 Privacy protection method and device for multi-operation flow based on hybrid chain
CN117574440A (en) * 2024-01-17 2024-02-20 浙江大学 Alliance chain medical data right-determining and source-tracing method and system based on multiple signature technologies
CN118101198A (en) * 2024-04-23 2024-05-28 成都飞机工业(集团)有限责任公司 Block chain-based supply chain data secure sharing method
CN118174888A (en) * 2023-12-20 2024-06-11 江苏云启未来网络科技有限公司 Off-center avatar authentication service system based on web3.0
CN118278948A (en) * 2024-03-21 2024-07-02 广东聚金宝网络科技有限公司 Traceability authentication method based on blockchain
CN118379007A (en) * 2024-03-25 2024-07-23 天津大学 Semi-centralized underground water resource management system
CN118585518A (en) * 2024-08-07 2024-09-03 北京网藤科技有限公司 Intelligent contract-based alliance chain slimming method and system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499952B (en) * 2021-12-23 2024-04-09 中电科大数据研究院有限公司 Alliance chain consensus identity authentication method
CN115085947B (en) * 2022-08-23 2022-11-08 深圳市迪博企业风险管理技术有限公司 Data security inspection method and system in digital twin
CN115967583B (en) * 2023-03-16 2023-06-06 安羚科技(杭州)有限公司 Key management system and method based on alliance chain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109902480A (en) * 2019-03-01 2019-06-18 重庆邮电大学 A kind of efficient authentication method for alliance's chain
CN110149304A (en) * 2019-04-01 2019-08-20 中国科学院信息工程研究所 A kind of traceable efficient anonymous authentication method of support identity suitable for alliance's chain and system
CN111222879A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Certificateless authentication method and certificateless authentication system suitable for alliance chain
WO2021111211A1 (en) * 2019-12-06 2021-06-10 nChain Holdings Limited Identity-based public-key generation protocol
CN113656826A (en) * 2020-05-12 2021-11-16 中国科学院信息工程研究所 Anonymous identity management and verification method supporting dynamic change of user attributes
CN114499952A (en) * 2021-12-23 2022-05-13 中电科大数据研究院有限公司 Alliance chain consensus identity authentication method

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110046482A (en) * 2018-12-25 2019-07-23 阿里巴巴集团控股有限公司 Identity verification method and its system
CN111400727B (en) * 2019-01-03 2023-08-22 菜鸟智能物流控股有限公司 Block chain access control method and device and electronic equipment
CN110110555B (en) * 2019-04-24 2023-05-12 深圳前海微众银行股份有限公司 Voting method and device in block chain
CN112435024B (en) * 2020-11-17 2022-06-10 浙江大学 Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication
CN112651830B (en) * 2020-12-03 2023-01-24 齐鲁工业大学 Block chain consensus method applied to power resource sharing network
CN113094743B (en) * 2021-03-18 2022-11-29 南京邮电大学 Power grid data storage method based on improved Byzantine consensus algorithm
CN113079020B (en) * 2021-03-30 2022-05-06 桂林电子科技大学 Multi-chain forensics method of alliance chain based on threshold signature decision system
CN113255014B (en) * 2021-07-07 2021-09-28 腾讯科技(深圳)有限公司 Data processing method based on block chain and related equipment
CN113779605B (en) * 2021-09-14 2024-07-02 码客工场工业科技(北京)有限公司 Industrial Internet Handle identification system analysis and authentication method based on alliance chain
CN113821789B (en) * 2021-09-26 2023-06-23 北京邮电大学 User key generation method, device, equipment and medium based on blockchain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109902480A (en) * 2019-03-01 2019-06-18 重庆邮电大学 A kind of efficient authentication method for alliance's chain
CN110149304A (en) * 2019-04-01 2019-08-20 中国科学院信息工程研究所 A kind of traceable efficient anonymous authentication method of support identity suitable for alliance's chain and system
WO2021111211A1 (en) * 2019-12-06 2021-06-10 nChain Holdings Limited Identity-based public-key generation protocol
CN111222879A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Certificateless authentication method and certificateless authentication system suitable for alliance chain
CN113656826A (en) * 2020-05-12 2021-11-16 中国科学院信息工程研究所 Anonymous identity management and verification method supporting dynamic change of user attributes
CN114499952A (en) * 2021-12-23 2022-05-13 中电科大数据研究院有限公司 Alliance chain consensus identity authentication method

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116938452A (en) * 2023-09-15 2023-10-24 天津太极风控网络科技有限公司 Cloud audit method for encrypted backup account set
CN116938452B (en) * 2023-09-15 2023-12-08 天津太极风控网络科技有限公司 Cloud audit method for encrypted backup account set
CN117034356A (en) * 2023-10-09 2023-11-10 成都乐超人科技有限公司 Privacy protection method and device for multi-operation flow based on hybrid chain
CN117034356B (en) * 2023-10-09 2024-01-05 成都乐超人科技有限公司 Privacy protection method and device for multi-operation flow based on hybrid chain
CN118174888A (en) * 2023-12-20 2024-06-11 江苏云启未来网络科技有限公司 Off-center avatar authentication service system based on web3.0
CN117574440A (en) * 2024-01-17 2024-02-20 浙江大学 Alliance chain medical data right-determining and source-tracing method and system based on multiple signature technologies
CN117574440B (en) * 2024-01-17 2024-04-30 浙江大学 Alliance chain medical data right-determining and source-tracing method and system based on multiple signature technologies
CN118278948A (en) * 2024-03-21 2024-07-02 广东聚金宝网络科技有限公司 Traceability authentication method based on blockchain
CN118379007A (en) * 2024-03-25 2024-07-23 天津大学 Semi-centralized underground water resource management system
CN118101198A (en) * 2024-04-23 2024-05-28 成都飞机工业(集团)有限责任公司 Block chain-based supply chain data secure sharing method
CN118585518A (en) * 2024-08-07 2024-09-03 北京网藤科技有限公司 Intelligent contract-based alliance chain slimming method and system

Also Published As

Publication number Publication date
CN114499952B (en) 2024-04-09
CN114499952A (en) 2022-05-13

Similar Documents

Publication Publication Date Title
WO2023115850A1 (en) Consortium blockchain consensus identity authentication method
CN112491846B (en) Cross-chain block chain communication method and device
Xu et al. A blockchain-based roadside unit-assisted authentication and key agreement protocol for internet of vehicles
Cui et al. An efficient and safe road condition monitoring authentication scheme based on fog computing
Huang et al. Scalable and redactable blockchain with update and anonymity
Zhao et al. An efficient certificateless aggregate signature scheme for the Internet of Vehicles
Liu et al. Time-bound anonymous authentication for roaming networks
CN114710275B (en) Cross-domain authentication and key negotiation method based on blockchain in Internet of things environment
CN112839041B (en) Block chain-based power grid identity authentication method, device, medium and equipment
Zhang et al. DBCPA: Dual blockchain-assisted conditional privacy-preserving authentication framework and protocol for vehicular ad hoc networks
CN113676333A (en) Method for generating SM2 blind signature through cooperation of two parties
Li et al. Conditional anonymous authentication with abuse-resistant tracing and distributed trust for internet of vehicles
Ayub et al. Secure consumer-centric demand response management in resilient smart grid as industry 5.0 application with blockchain-based authentication
Zhao et al. Fuzzy identity-based dynamic auditing of big data on cloud storage
Zhang et al. Multi-party electronic contract signing protocol based on blockchain
CN114928835B (en) Dynamic wireless sensor network construction method based on blockchain and key management
Shen et al. Cate: Cloud-aided trustworthiness evaluation scheme for incompletely predictable vehicular ad hoc networks
Zhao et al. A novel decentralized cross‐domain identity authentication protocol based on blockchain
Khan et al. A secure and energy efficient key agreement framework for vehicle-grid system
Mu et al. An identity privacy scheme for blockchain‐based on edge computing
CN114615006A (en) Edge layer data security protection method and system for power distribution Internet of things and storage medium
Parameswarath et al. A privacy-preserving authenticated key exchange protocol for V2G communications using SSI
Tian et al. Accountable fine-grained blockchain rewriting in the permissionless setting
Zheng et al. [Retracted] An Anonymous Authentication Scheme in VANETs of Smart City Based on Certificateless Group Signature
Li et al. A privacy-preserving lightweight energy data sharing scheme based on blockchain for smart grid

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22909182

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE